refactor(nixosProfiles): Huge refactor. Lift nested profiles, network…

…ing, & more [WIP]
Lehmanator · Jan 28, 2025 · a6381b0 · a6381b0
1 parent 1f9536f
commit a6381b0
Show file tree

Hide file tree

Showing 86 changed files with 1,892 additions and 1,677 deletions.
diff --git a/nixos/hosts/fajita/minimal.nix b/nixos/hosts/fajita/minimal.nix
@@ -1,54 +1,54 @@
-{ inputs
-, config, lib, pkgs
-, user
-, ...
+{
+  inputs,
+  config,
+  lib,
+  pkgs,
+  user,
+  ...
 }: {
   imports = [
-    inputs.agenix.nixosModules.age
     inputs.flake-utils-plus.nixosModules.autoGenFromInputs
-    inputs.home.nixosModules.home-manager
-    inputs.nixvim.nixosModules.nixvim
     inputs.nix-flatpak.nixosModules.nix-flatpak
     inputs.nur.modules.nixos.default
     inputs.scalpel.nixosModules.scalpel
-    inputs.sops-nix.nixosModules.sops
     inputs.srvos.nixosModules.mixins-nix-experimental
     inputs.srvos.nixosModules.mixins-trusted-nix-caches
-    ../../profiles/locale
-    #../../profiles/mobile
-    #../../profiles/nix
-    ../../profiles/shell
-    ../../profiles/users
-    ../../profiles/adb.nix
-    ../../profiles/sshd.nix
+    (inputs.self + /nixos/profiles/adb.nix)
+    (inputs.self + /nixos/profiles/agenix.nix)
+    (inputs.self + /nixos/profiles/bash.nix)
+    (inputs.self + /nixos/profiles/home-manager.nix)
+    (inputs.self + /nixos/profiles/locale-est.nix)
+    (inputs.self + /nixos/profiles/mobile)
+    (inputs.self + /nixos/profiles/nix)
+    (inputs.self + /nixos/profiles/nixvim)
+    (inputs.self + /nixos/profiles/sops.nix)
+    (inputs.self + /nixos/profiles/sshd.nix)
+    (inputs.self + /nixos/profiles/user-primary.nix)
+    (inputs.self + /nixos/profiles/zsh.nix)
   ];
 
-  #home-manager = {
-  #  useGlobalPkgs = true;
-  #  useUserPackages = true;
-  #  verbose = true;
-  #  extraSpecialArgs = { inherit inputs user; };
-  #  sharedModules = [
-  #    inputs.agenix.homeManagerModules.age
-  #    inputs.nix-flatpak.homeManagerModules.nix-flatpak
-  #    inputs.nixvim.homeManagerModules.nixvim
-  #    inputs.nur.modules.homeManager.default
-  #    inputs.sops-nix.homeManagerModules.sops
-  #  ];
-  #  users.${user} = import ../../../hm/users/${user};
-  #};
+  # home-manager = {
+  #   useGlobalPkgs = true;
+  #   useUserPackages = true;
+  #   verbose = true;
+  #   extraSpecialArgs = { inherit inputs user; };
+  #   sharedModules = [
+  #     inputs.nix-flatpak.homeManagerModules.nix-flatpak
+  #     inputs.nixvim.homeManagerModules.nixvim
+  #     inputs.nur.modules.homeManager.default
+  #   ];
+  #   users.${user} = import (inputs.self + /hm/users/${user});
+  # };
 
   sops = {
-    defaultSopsFile = ./secrets/default.yaml;
-    age.sshKeyPaths =
-      map (k: k.path) (builtins.filter (k: k.type == "ed25519")
-        config.services.openssh.hostKeys);
+    defaultSopsFile = inputs.self + /nixos/hosts/${config.networking.hostName}/secrets/default.yaml;
+    age.sshKeyPaths = map (k: k.path) (builtins.filter (k: k.type == "ed25519") config.services.openssh.hostKeys);
     secrets = {github-token = {};};
   };
 
   services.flatpak = {
     enable = true;
-    #packages = [];
+    # packages = [];
     overrides = {
       global.filesystems = lib.mkDefault [
         "xdg-config:gtk-4.0:ro"
@@ -88,7 +88,7 @@
   };
 
   services.openssh.enable = true;
-  #services.pipewire.enable = false;
+  # services.pipewire.enable = false;
   sound.enable = true;
   hardware = {
     pulseaudio.enable = true;
@@ -103,7 +103,7 @@
     hostPlatform = "aarch64-linux";
     overlays = [inputs.fenix.overlays.default inputs.nur.overlays.default];
   };
-  #nix.registry.self = inputs.self.outPath;
+  # nix.registry.self = inputs.self.outPath;
   environment.etc."nix/inputs/self".source = inputs.self.outPath;
 
   # Reset IM_MODULE to fix on-screen keyboard

diff --git a/nixos/hosts/fajita/profiles.nix b/nixos/hosts/fajita/profiles.nix
@@ -1,5 +1,4 @@
-{ config, lib, pkgs, inputs, ... }:
-{
+{inputs, ...}: {
   imports = [
     (inputs.self + /nixos/profiles)
     (inputs.self + /nixos/profiles/flatpak.nix)
@@ -10,18 +9,19 @@
     # (inputs.self + /nixos/profiles/gnome)
 
     # --- Disabled ---
-    # (inputs.self + /nixos/profiles/hardware/fprintd.nix)
-    # (inputs.self + /nixos/profiles/virt/windows)
+    # (inputs.self + /nixos/profiles/fprintd.nix)
+    # (inputs.self + /nixos/profiles/vm-guest-windows.nix)
     # (inputs.self + /common/profiles/editor)
 
     # --- Imported by profiles/nixos ---
+    # (inputs.self + /nixos/profiles/bash.nix)
     # (inputs.self + /nixos/profiles/boot)
     # (inputs.self + /nixos/profiles/hardware)
-    # (inputs.self + /nixos/profiles/locale)
+    # (inputs.self + /nixos/profiles/locale-est.nix)
     # (inputs.self + /nixos/profiles/network)
-    # (inputs.self + /nixos/profiles/security)
+    # (inputs.self + /nixos/profiles/sudo.nix)
     # (inputs.self + /nixos/profiles/sops.nix)
-    # (inputs.self + /nixos/profiles/shell)
-    # (inputs.self + /nixos/profiles/users)
+    # (inputs.self + /nixos/profiles/user-primary.nix)
+    # (inputs.self + /nixos/profiles/zsh.nix)
   ];
 }
diff --git a/nixos/hosts/fw/default.nix b/nixos/hosts/fw/default.nix
@@ -1,187 +1,65 @@
-{
-  inputs,
-  config,
-  pkgs,
-  lib,
-  user,
-  ...
-}: {
+{inputs, ...}: {
   # https://github.com/nixvital/fprint-clear
   # https://github.com/ssddq/fw-ectool
   # https://github.com/mdvmeijer/fw-fanctrl-nix
   # https://github.com/DHowett/FrameworkHacksPkg
   # https://github.com/taotien/framework_toolbox
   # https://github.com/DHowett/framework-ec
   # https://github.com/morpheus636/awesome-framework
-
   imports = [
     inputs.nixos-hardware.nixosModules.framework-12th-gen-intel
-
     ./hardware-configuration.nix # Configuration related to hardware
+    # ./disko.nix
     ./displays.nix # Handles hardware peripherals for external & internal displays
     ./managed.nix # Include app-managed config: nixos-conf-editor & nix-software-center
-
     (inputs.self + /nixos/profiles)
     (inputs.self + /nixos/profiles/bluetooth.nix)
     (inputs.self + /nixos/profiles/desktop)
-    (inputs.self + /nixos/profiles/disko.nix)
     (inputs.self + /nixos/profiles/gnome)
     (inputs.self + /nixos/profiles/fprintd.nix)
     # (inputs.self + /nixos/profiles/displaylink.nix)
+    # (inputs.self + /nixos/profiles/hardware)
     (inputs.self + /nixos/profiles/hardware/peripherals/apple.nix)
     (inputs.self + /nixos/profiles/hardware/peripherals/logitech.nix)
-    (inputs.self + /nixos/profiles/impermanence.nix)
+    # (inputs.self + /nixos/profiles/hardware/peripherals/printers.nix)
+    # (inputs.self + /nixos/profiles/hardware/peripherals/scanners.nix)
+    # (inputs.self + /nixos/profiles/hercules-ci.nix)
+    # (inputs.self + /nixos/profiles/impermanence.nix)
     (inputs.self + /nixos/profiles/lanzaboote.nix)
+    # (inputs.self + /nixos/profiles/network)
+    # (inputs.self + /nixos/profiles/nixos)
     (inputs.self + /nixos/profiles/plymouth.nix)
+    # (inputs.self + /nixos/profiles/server/kubernetes/k3s-node-main.nix)
+    # (inputs.self + /nixos/profiles/slippi.nix)
+    # (inputs.self + /nixos/profiles/sops.nix)
     (inputs.self + /nixos/profiles/systemd-boot.nix)
     (inputs.self + /nixos/profiles/systemd-initrd.nix)
+    # (inputs.self + /nixos/profiles/systemd-homed.nix)
     (inputs.self + /nixos/profiles/thunderbolt.nix)
     (inputs.self + /nixos/profiles/tlp.nix)
     (inputs.self + /nixos/profiles/tpm2.nix)
-    (inputs.self + /nixos/profiles/virt)
-
-    # (inputs.self + /nixos/profiles/hercules-ci.nix)
-    # (inputs.self + /nixos/profiles/slippi.nix)
-    # (inputs.self + /nixos/profiles/hardware/peripherals/printers.nix)
-    # (inputs.self + /nixos/profiles/hardware/peripherals/scanners.nix)
-    # (inputs.self + /nixos/profiles/server/kubernetes/k3s-node-main.nix)
-    # (inputs.self + /nixos/profiles/users/homed.nix)
-
-    # --- Disabled ---
-    # (inputs.self + /nixos/profiles/virt/windows)
-    # (inputs.self + /common/profiles/editor)
-
-    # --- Imported by profiles/nixos ---
-    # (inputs.self + /nixos/profiles/nixos)
-    # (inputs.self + /nixos/profiles/hardware)
-    # (inputs.self + /nixos/profiles/locale)
-    # (inputs.self + /nixos/profiles/network)
-    # (inputs.self + /nixos/profiles/security)
-    # (inputs.self + /nixos/profiles/sops.nix)
-    # (inputs.self + /nixos/profiles/shell)
-    # (inputs.self + /nixos/profiles/users)
+    (inputs.self + /nixos/profiles/virt.nix)
+    # (inputs.self + /nixos/profiles/vm-guest-windows.nix)
   ];
-
-  system.stateVersion = "24.11";
-  networking.hostName = "fw";
   console.useXkbConfig = true;
+  disko.enableConfig = false;
   environment.etc.machine-id.text = "aa38a832d16e436d8aab8bb0550d4810";
+  networking.hostId = "aa38a832";
+  networking.hostName = "fw";
+  system.stateVersion = "24.11";
 
-  #isoImage.isoName =
-  #  lib.mkImageMediaOverride
-  #  "lehmanator-${config.system.build.installHostname}-${config.system.nixos.release}-${
-  #    inputs.self.shortRev or "dirty"
-  #  }-${pkgs.stdenv.hostPlatform.uname.processor}.iso";
-  #isoImage.volumeID = "lehmanator-${config.system.nixos.release}-${
-  #  inputs.self.shortRev or "dirty"
-  #}-${pkgs.stdenv.hostPlatform.uname.processor}";
-  #
-  #system.build.installHostname = config.networking.hostName;
-  #system.build.installClosure = config.system.build.toplevel;
-  #system.build.installDiskoScript = config.system.build.diskoScript;
-  #system.build.installer = pkgs.runCommandLocal config.isoImage.isoName {
-  #  isoPath = "${config.system.build.isoImage}/iso/${config.isoImage.isoName}";
-  #} ''ln -s "$isoPath" $out'';
-
-  # --- Users ---
-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.users."${user}" = {
-    isNormalUser = true;
-    description = "Sam Lehman";
-    extraGroups = ["wheel" "users" "dialout"];
-
-    # Format: <options> <keyType> <base64-encoded-key> <comment>
-    #    See: http://man.he.net/man5/authorized_keys
-    # TODO: Collect from flake outputs? Filter out duplicates & prevent infinite recursion.
-    # TODO: Only `ed-25519 keys`?
-    # TODO: Purpose-specific keys?
-    #  - TODO: KDE Connect
-    #  - TODO: Backup
-    #  - TODO: Remote builders
-    #  - TODO:
-    # cell.nixosConfigurations.config.users.users.${user}.openssh.authorizedKeys.keys
-    openssh.authorizedKeys.keys = [
-      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCn5m9GuM7DgUwKEienhfXC38a2UTWCCHsXwJSeOeXaNegYeHcPMp1NTwJ04CV6YwXUzVjehyOtDFVQ7XvnwsjOYAK1suYIw5tt2LeejTk4cYnnplHEmoxvQuc6tLK62w3/ar+Ba6OEJdf+9Mv0uJSEYliX9sF/PPce3YrdMKYesn75qyU0xvnfDTsEyXh6ldwMUfLiviY/yfYWAyOPX2LoBWskpLtsPNVQm5Fyjqzm/CjKlv2ILZm5BH6PjLb+wa1bgk0aSFcx82CNVgY7Bh9aWnN+yzbIIzn4VSHOVV/RWQk8OfIZ3F2HBJ+OPZq3fEa9PVIGNCBmzjUxlTcofcNAeVc0LAbqV5PUwhKayCS1Lh3ehUNf83+L0hle4FYtvWu84GoQRf/0OmhOiVeaK6xmvNL7zSoWurTWlMCs9FZxPGMRb5KdmOqhHjGNd82tyGYGNkykzAgs14BZvmd4h0w7J98k5UOsF0a6fZnA3AQQwfQdrB4fKsuxGoWt4pD47UQ3KjO71OwYsVREvkkeRKnYMbV3zJ2SPRU1NoL2ZgptRdRjyFu5HqXndUwoEcgWT1FC5NQqj+r0PYyRzS7qMyHG9T2KvYd3jDXZNDYUvTGJfKvf2TDJ2m2Ix001go/68EdbdpRkVRMPoi2gg/K/WbvOwhDAaRh8a+A/0JfMNoo3vQ== termux@cheetah"
-      # TODO:  "ssh-ed25519  u0_a263@localhost"  # Flame   (Termux)
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHoHifjJL0fMBZDjNnXvSDhr0cwgkU80ybVeKRnly7Ku termux@cheetah" # Cheetah (Termux)
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICtA7S/6BSsGRTTcKU/9+Aa/VsPCJzNkfjHbvFlaSVKN user@fajita-gnome" # Fajita  (gnome)
-      # +--[Hostname]--+--------[OS]--+--[Env]--+-------[OEM]--+--[Model Name]----+--[Codename]--+
-      # | fw           |        NixOS | GNOME   |      Samsung | Galaxy S21 Ultra |              |
-      # | wyse         |        NixOS | GNOME   |         Dell | Wyse 7040        |              |
-      # | aio          |        NixOS | GNOME   |         Dell | Inspiron AIO     |              |
-      # | raspi3       |        NixOS | Server  | Raspberry Pi | Raspberry Pi 3   |              |
-      # | taba8        | PostmarketOS | GNOME   |      Samsung | Galaxy Tab A 8.0 |              |
-      # | fajita-gnome | PostmarketOS | GNOME   |      OnePlus | 6T               | fajita       |
-      # | fajita-phosh | PostmarketOS | Phosh   |      OnePlus | 6T               | fajita       |
-      # | oriole       |      Android | Termux  |       Google | Pixel 6          | oriole       |
-      # | raven        |      Android | Termux  |       Google | Pixel 6 Pro      | raven        |
-      # | flame        |      Android | Termux  |       Google | Pixel 4          | flame        |
-      # | taimen       |      Android | Termux  |       Google | Pixel 2 XL       | taimen       |
-      # | sultra       |      Android | Termux  |      Samsung | Galaxy S21 Ultra |              |
-      # +--------------+--------------+---------+---------------------------------+--------------+
-    ];
-  };
-
-  #users = {
-  #  groups = {
-  #    nm-openconnect = {};
-  #    #netdev = {};
-  #  };
-  #  #extraGroups = {
-  #  #  # Fix for D-Bus error on missing group: netdev
-  #  #  # TODO: Figure out what causes this error (sshd? pkcs? pam? pam-pkcs11?)
-  #  #  netdev = { name = "netdev"; };
-  #  #};
-  #  extraUsers = {
-  #    # Fix for D-Bus error on missing user: nm-openconnect
-  #    # TODO: Figure out what causes this error (sshd? pkcs? pam? pam-pkcs11? OpenConnect? NetworkManager?)
-  #    nm-openconnect = {
-  #      name = "nm-openconnect";
-  #      description = "System user to control OpenConnect in NetworkManager";
-  #      isSystemUser = true;
-  #      group = "nm-openconnect";
-  #      extraGroups = [
-  #        #"netdev"
-  #        "networkmanager"
-  #      ];
-  #    };
-  #  };
-  #};
-
-  # TODO: Move most of these to home-manager profile (default user?)
-  environment.systemPackages = with pkgs; [
-    bat
-    eza
-    gcc
-    lsd
-    #ripgrep
-    tealdeer
-    gnumake
-    lynis
-  ];
-
-  #programs.home-manager.enable = true;
-
-  # --- Shell ---
-  programs = {
-    git = {
-      enable = true;
-      package = pkgs.gitFull;
-    };
-    less = {
-      enable = true;
-      lessopen = "|${pkgs.lesspipe}/bin/lesspipe.sh %s";
-    };
-    traceroute.enable = true;
-    # --- Keys ---
-    gnupg = {
-      dirmngr.enable = true;
-      agent.enableExtraSocket = true;
-      agent.enableBrowserSocket = true;
-    };
-  };
-  qt.enable = true;
-  nix.settings.trusted-public-keys = [
-    "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
-  ];
+  # programs.home-manager.enable = true;
+  # isoImage = {
+  #   isoName = lib.mkImageMediaOverride
+  #   "lehmanator-${config.system.build.installHostname}-${config.system.nixos.release}-${inputs.self.shortRev or "dirty"}-${pkgs.stdenv.hostPlatform.uname.processor}.iso";
+  #   volumeID = "lehmanator-${config.system.nixos.release}-${inputs.self.shortRev or "dirty"}-${pkgs.stdenv.hostPlatform.uname.processor}";
+  # };
+  # system.build = {
+  #   installHostname = config.networking.hostName;
+  #   installClosure = config.system.build.toplevel;
+  #   installDiskoScript = config.system.build.diskoScript;
+  #   installer = pkgs.runCommandLocal config.isoImage.isoName {
+  #     isoPath = "${config.system.build.isoImage}/iso/${config.isoImage.isoName}";
+  #   } ''ln -s "$isoPath" $out'';
+  # };
 }